Quantifying Resistance to the Sybil Attack

  • Conference paper
Financial Cryptography and Data Security (FC 2008)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5143)

Abstract

Sybil attacks have been shown to be unpreventable except under the protection of a vigilant central authority. We use an economic analysis to show quantitatively that some applications and protocols are more robust against the attack than others. In our approach, for each distributed application and an attacker objective, there is a critical value that determines the cost-effectiveness of the attack. A Sybil attack is worthwhile only when the critical value is exceeded by the ratio of the value of the attacker’s goal to the cost of identities. We show that for many applications, successful Sybil attacks may be expensive even when the Sybil attack cannot be prevented. Specifically, we propose the use of a recurring fee as a deterrent against the Sybil attack. As a detailed example, we look at four variations of the Sybil attack against a recurring-fee-based onion routing anonymous routing network and quantify its vulnerability.

This work was supported in part by National Science Foundation award NSF-0133055.

Editor information

Gene Tsudik

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Margolin, N.B., Levine, B.N. (2008). Quantifying Resistance to the Sybil Attack. In: Tsudik, G. (eds) Financial Cryptography and Data Security. FC 2008. Lecture Notes in Computer Science, vol 5143. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85230-8_1

  • DOI: https://doi.org/10.1007/978-3-540-85230-8_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85229-2

  • Online ISBN: 978-3-540-85230-8

  • eBook Packages: Computer Science, Computer Science (R0)
